So maybe you’re like me – you’ve done a bit of everything in the past, but now you’ve specialized in something (like networking). Know what the best part of that is? Using all that knowledge and experience to make things happen. In this case, I’m talking about some of my prior experiences in scripting in automation, paired with some pretty great network APIs.
One thing my current job has never had is a good way to view VPN tunnel status between our firewalls. Our Check Point firewalls don’t really provide a good high-level view, which has unfortunately caused some confusion around whether or not a site-to-site VPN tunnel is currently established. Luckily, over the past year I’ve had the opportunity to install over 20 new Juniper SRX firewalls – mostly made up of SRX 1500 and SRX 345 models. I’ve written a bit before about the JunOS APIs and pyEZ (their Python library), but I’m always really excited about a new use case for network automation.
So recently I decided that it would be great to build a web-based dashboard, which would query all of our SRX firewalls for currently connected VPN tunnels. Approximately 90% of the current tunnels are site-to-site between our own data center locations, with the other 10% being external to customers. My idea was that I would have a simple HTML table, which would show each data center along the top and bottom and whether or not each was connected to each other, kinda like this:
|            | Location 1 | Location 2 | Location 3 | Location 4 |
| ---------- | ---------- | ---------- | ---------- | ---------- |
| Location 1 | N/A        | UP         | UP         | UP         |
| Location 2 | UP         | N/A        | UP         | DOWN!      |
| Location 3 | UP         | UP         | N/A        | UP         |
| Location 4 | UP         | DOWN!      | UP         | N/A        |
I wasn’t really concerned about making it look fancy – just dynamically updatable by whatever backend mechanism I used. Speaking of which, I had also assumed I would just be writing some simple Python script to pull VPN info from each device, then just write it to an HTML file. I haven’t really done much web stuff with Python in the past, so I set out to learn a bit and figure out what the best approach might be.
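The grid sketched above can be derived from each firewall's own list of established tunnels. The Python below is an added example, not code from this post or from pyEZ: the input shape (site name mapped to the set of peers it reports as up, or `None` when the device could not be polled), the function names and the extra `MISMATCH` and `UNKNOWN` states are assumptions, and the sample data is constructed to match the table.

```python
from html import escape

# Constructed sample: site -> peers whose tunnel that site's firewall reports
# as established. None would mean the firewall itself could not be polled.
SAMPLE = {
    "Location 1": {"Location 2", "Location 3", "Location 4"},
    "Location 2": {"Location 1", "Location 3"},
    "Location 3": {"Location 1", "Location 2", "Location 4"},
    "Location 4": {"Location 1", "Location 3"},
}

def tunnel_state(reports, a, b):
    """Combine both ends' view of the a<->b tunnel into one cell value."""
    if a == b:
        return "N/A"
    seen = []  # one boolean per end that could actually be polled
    if reports[a] is not None:
        seen.append(b in reports[a])
    if reports[b] is not None:
        seen.append(a in reports[b])
    if not seen:
        return "UNKNOWN"      # neither firewall answered (assumed state)
    if all(seen):
        return "UP"
    if not any(seen):
        return "DOWN!"
    return "MISMATCH"         # ends disagree, e.g. stale state (assumed state)

def build_matrix(reports):
    """Return (sorted site list, {row: {col: state}}) for the whole mesh."""
    sites = sorted(reports)
    return sites, {r: {c: tunnel_state(reports, r, c) for c in sites} for r in sites}

def render_html(sites, matrix):
    """Render the grid; names are escaped because they may be user-entered."""
    head = "<tr><th></th>" + "".join(f"<th>{escape(s)}</th>" for s in sites) + "</tr>"
    rows = []
    for r in sites:
        cells = "".join(f"<td>{escape(matrix[r][c])}</td>" for c in sites)
        rows.append(f"<tr><th>{escape(r)}</th>{cells}</tr>")
    return "<table>" + head + "".join(rows) + "</table>"

if __name__ == "__main__":
    print(render_html(*build_matrix(SAMPLE)))
```

Checking both ends of a tunnel keeps one unreachable or stale firewall from silently showing a link as healthy.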
I ended up settling on trying out Django to write the frontend web stuff. I had never used it before, but I’ve been interested in trying – and what’s a better time to learn, than when you have something that needs to be accomplished? One thing that really pushed me towards Django for this project was the built-in administration page. This was huge for me, because it meant that I could easily have a way for other people to update the web dashboard. Whenever a new location came online, I wouldn’t have to go update the script directly – anyone on my team could log into the admin page and make the changes.
In this post I just wanted to get through what my ideas were behind this project. In the next few weeks, I’ll begin explaining how I built the dashboard using Django and used pyEZ to scrape VPN status from each firewall. Thoughts? Drop a comment below!